<?PHP
// vim: set expandtab tabstop=4 shiftwidth=4:
// +----------------------------------------------------------------------+
// | SAPID: XML Sapiens Engine Demonstrator                               |
// +----------------------------------------------------------------------+
// | Author:  Max Baryshnikov aka Mephius <mb@redgraphic.com>,	          |
// | Dmitry Sheiko <sheiko@cmsdevelopment.com>	                		  |
// | Copyright (c) 2004-2005 Max Baryshnikov                              |
// | http://sapid.sourceforge.net	                                      |
// +----------------------------------------------------------------------+
// | This source file is free software; you can redistribute it and/or    |
// | modify it under the terms of the GNU Lesser General Public           |
// | License as published by the Free Software Foundation; either         |
// | version 2.1 of the License, or (at your option) any later version.   |
// |                                                                      |
// | This source file is distributed in the hope that it will be useful,  |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of       |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU    |
// | Lesser General Public License for more details.                      |
// +----------------------------------------------------------------------+
// Release: 24.02.05 (dd/mm/yy)
// $Id: authorization_analysis.inc.php,v 1.4 2005/12/23 07:34:53 sheiko Exp $
if (!defined("SAPID_STARTED")) die("Hacking attempt!");

if(getenv("HTTP_X_FORWARDED_FOR")) $IP = getenv("HTTP_X_FORWARDED_FOR"); 
elseif(getenv("HTTP_CLIENT_IP")) $IP = getenv("HTTP_CLIENT_IP"); 
else $IP = getenv("REMOTE_ADDR"); 

$IPParts = split("\.", $IP);

if ($env["argv"][0]==$admin_path) {
 	$ForbidFlag = 1;	
	if (isset($GLOBALS["LegalIPsList"])) { 
           foreach ($GLOBALS["LegalIPsList"] as $LegalIP){ 
           		$LegalIPParts = split("\.", $LegalIP);
           		$ForbidPartFlag = 0;
           		foreach($IPParts as $Index=>$Part) {
           			if($LegalIPParts[$Index]!="*" && $LegalIPParts[$Index]!=$Part) {
           				$ForbidPartFlag = 1;
           				break;
           			}
           		}
           		$ForbidFlag = $ForbidFlag && $ForbidPartFlag;
           		if(!$ForbidFlag) break;
           } 
           if($ForbidFlag){ 
              header ("HTTP/1.0 404 Not Found"); 
              $env["argv"] = array(); 
              $env["argv"][0] = "404error"; 
              $code="\$env[\"page\"]=\$tree->structure[\"root\"][\"404error\"];"; 
			  $tree = new tree(ROOT_PATH . "usr/xml/tree.xml");
			  $tree->build_structure();              
              @eval($code); 
        		// Notification about 404 error 
              if(!$env["page"]) 
                 display_die("404error_page.tpl"); 
           } 
        }
}

if ($env["argv"][0]==$admin_path) {
	if ($_SESSION["user"]) header("Location: ".$http_path);
	if ($_POST["login"] and $_POST["password"]) {
		$db = new sapi_vdb($root_path . "usr/xml/users.xml");
		$users = $db->get_data();

		foreach ($users as $user) {
			if($_POST["login"]==$user["LOGIN"] and $_POST["password"]==$user["PASSWORD"]){
				$_SESSION["user"]=$env["user"]=$user;
				$_SESSION["user"]["mode"]=$env["user"]["mode"]=$_POST["mode"];
				break;
			}
		}
	}
	
	if(is_array($env["user"])){
		if($_POST["uchk"])	include($root_path ."usr/system/checknewversion.inc.php");
		$_GET["option"]="structure";
		$env["argv"]=array();
	}else{
		// Error handling
		$locale_env = array("window_title" => (($_POST["login"] or $_POST["password"])?"<b style=\"color: red;\">Access Denied</b>":"<b>Twilight Zone Gates</b>"));
		display_die("admin_authorization_page.tpl", $locale_env);
	}
}
	if($_SESSION["user"] and !$user) $user=$_SESSION["user"];
    $env["user.login"] = $user["LOGIN"];
    $env["user.usergroup"] = $user["GROUP"];
    $env["user.mode"] = $user["mode"];
    $env["user.cdate"] = $user["DATE_CREATE"];
    $env["user.ip"] = $user["IP"];
    $env["user"]= $user;
?>